Facility manager

Only Perun admin is competent to work with facility in a full scope, but Facility manager is entitled to do following tasks:

1. Create facility

VO MANAGER role needed

Please log in to the Perun system and then go to the Facility manager section.
On the left panel please click on Facilities. Now you can see the list of facilities you can manage.
Click on Create  button in the top bar. Creating a facility is at eight steps.


Create a definition

  • Fill Name of facility and her definition in box Description. The description should be brief for what purpose the device was created.
    • The facility can be created as a copy of another already created facility.
    • Use Cancel  button to cancel creating new facility.
    • If you are satisfy with all the actions, click on Create  button.
  • At this moment the facility has been created.


Add managers

  • When creating a facility, you will automatically become a facility manager.
    • In this step, you may add other managers.
    • If you don‘t want to, click on Continue button.
  • Click on Add  button if you want to add another manager.
    • Fill name of user and click on Search  button. Pick required user by clicking on check-box and click on Add  button up in bar.
    • Click on Close  button when you are finished with adding other managers.
  • If you want to remove the manager from the required facility, mark the manager and click on Remove  button.
    • By clicking on Continue  button you get further.


Add owners

You may skip this step.

  • Click on Add  button if you want to add an owner.
    • The pop-up window of possible device owners will be shown.
    • Pick the required owner by clicking on the check-box and click on Add  button up in the bar.
    • Click on Close  button will close the pop-up window.
  • If you want to delete the owner from the required facility, mark the owner and click Remove  button.
    • By clicking on Continue  button you get further.


Add hosts

You may skip this step. Create a host if the facility is represented by a computer (physical or virtual).

  • Fill hostname at window in left one host per line and click Add  button.
  • If you want to delete the hostname, mark the hostname and click Remove  button.
  • Click on Continue  button.


Select services

  • Select a set of services that will be managed by Perun through this facility.
    • Select a list of services using the check-box in the table, the left buttons group the services according to their purpose and click on them to select the set of services.
    • Click on Continue  button.


Configure services

  • Fill in the values of each field.
    • Fill the attribute values for given services and click on Save  to save the changes.
    • Click on Continue  button to go to the next step.


Configure service destinations

  • You can skip this step, but without setting destinations, Perun doesn‘t send any configurations of services nowhere. We recommend setting destinations until you are satisfied with the facility and resource settings, destinations can be added at any time later.
  • Here you add destinations for service configuration delivery.
  • Select a destination type and enter the value by type. The destination value can‘t be empty.
  • The most common type is a host that transmits the configuration using SSH to the target facility. In the case of a host type, it is not necessary to list the host manually.
    • You can use the Use names of all facility hosts check-box.
  • Service destination adds by clicking the Add  button.
  • You can also remove service destinations by selecting a check-box and click on Remove  button.
    • Click on Continue  button.



  • Now your facility was created and configured.
    • Continue by clicking on Create  new resource button and create a resource(s) for Vos.
    • You can exit by click on the Exit button.


Please note: You may edit every step which you skipped. Use Back button to re-edit your adjustments.

2. Add owner

Every facility must have his owner to know what organization is responsible for its utilization. There is a list of owners on the page of selected facility in GUI. Click Owners in the left menu. Buttons Add and Remove serve to add new owners or remove the old ones.

3. Create a Resource

VO MANAGER role needed

The resource is a part of a facility that serves for particular VO. The only Facility manager is allowed to create and delete a resource. The facility manager can only see which resources are connected to the facility by selecting a particular facility and clicking on Resources  in the left menu. In the same place can be resource created or deleted.

Here is created a bond of services and resources, if you want to add a group to a resource you must be a VO manager.

Please log in to the Perun system and then go to the Facility manager section. On the left panel please click on Select facility. If you have not created a facility yet, follow the Create facility manual.

  • Use the filter window to locate the facility you created. Enter the facility name and search.
  • Click on the facility to select the facility you want. On the Resource tab, click the Create  button.


Create resource

  • In the small window, select the VO for which source you want to create.
  • Fill Name and Description.
    • Name - Please insert the desired resource name. The name of a resource can be whatever, but you shall keep conventions in your VO.
    • Description - Here you can insert your own resource description to specify its purpose.
  • Click on Create  button or cancel by clicking on Cancel  button


Create resource: Assign and configure services

Select service you want to assign from drop-down Selected service of all services. Service settings will be shown in the table below. Check-box Show assigned to show you the services already assigned to the resource. If you want to add the selected service, click on Add  button.

The Remove  button deletes the already created service.
You can save the changes with the Save  button for the selected service.
The Fill button automatically fills the service field and Remove  button deletes the selected service settings.
If you finished all operations, click on Finish  button to finished resource creating.

4. Assign service to Resource

Services serve to synchronize the state of the facility (in real-world) with its state configured in the Perun system. Assigning service to resource, facility manager allows VO to connect with a resource to utilize this service. Services are assigned to each resource separately because not every service is required by every VO. Service must be set on facility first, then on the resource.

Tutorial on how to assign services

5. Set attributes

It is essential to set all necessary attributes for the proper utilization of the facility. Attributes must be set in good order. First attributes in the facility, then attributes in the resource. In addition, attributes in resources can be set only in the scope of attributes in the facility. Every service has required attributes that must be set for the correct work of service.

Tutorial to set service attributes

6. Show destinations

Destinations are tightly connected with services. Only a facility manager can assign services to destinations. Service destinations are available after clicking on button Service destinations in the left menu of the particular facility.

There are several types of Destinations:

  • host - data will be sent to the machine using SSH
  • url - data will be sent to the URL using POST
  • email - data will be sent in the body of the email to the given address
  • email - data will in the body of a digitally signed email

7. How to monitor states of services

  • GUI: select facility and click on Propagation status in the left menu. Detail of service is obtained by clicking on the line with service.
  • CLI: getTaskResultsForDestinations
  • Perl: $propagationStatsReaderAgent->getTaskResultsForDestinations(destinations => \@destinations)

All states of all facilities administered by you, you see by clicking All Facility states  in the left menu.

8. Services from the facility manager's point


Services are tools to keep real-life facilities synchronized with their settings in the Perun system. Most of the services are realized by a set of scripts:

  • gen scripts serve to select data from database in Perun
  • send scripts serves to send data from the database to destinations (real-life facility)
  • slave scripts serve to operate with data in the facilities

The facility and VO manager make an arrangement for services that the facility utilizes and for structure and type of data. Especially slave scripts are important for facility admin.

Service propagation

By clicking on the Service propagation  in the left menu, a list of services and their propagation status is obtained. By button Force propagation, propagation of particular service is queued. Depending on the length of the queue, it may take several seconds to propagate your task.

Slave scripts installation

There are packages containing slave scripts for Debian and RPM systems, prepared for facility managers. In a case of need, packages for other systems can be prepared. Scripts to gen, send and slave is available from Meta repository (package perun-slave). Perun is authorized to the machine using the SSH key. All scripts in the destination facility are available in /opt/perun/bin/. For facilities which are installed by a puppet, modules are prepared module described at https://forge.puppetlabs.com/ceritsc/perun

How to install scripts to facility
  • For RH based machines are packages available in RPM repository
  • Install perun-slave-base package and then packages for the services you require, e.g. to support sshkeys service install perun-slave-process-sshkeys.
apt-get install perun-slave-base
# then for each service
apt-get install perun-slave-process-[service-name]
  • If you wish, you can install packages for all services with this meta-package: perun-slave-full.
apt-get install perun-slave-full
  • For MetaCentrum machines install perun-slave-meta-key package, which allows access from the CESNET Perun instance. SSH key without use perun-slave-meta-key can be inserted manually: insert into /root/.ssh/authorizes_keys
    • Also, install perun-slave-metacentrum to get a basic set of services for Metacentrum.
apt-get install perun-slave-meta-key perun-slave-metacentrum

New edits of slave scripts are made concerned with matching versions of gen scripts. Version number contains 3 digits:

  • first is a version of system Perun (now 3)
  • second is changed when gen script changed and a new version of slave scripts is necessary to install
  • third is changed when gen script is changed, but the slave script accept it

There is a strong tendency to keep slave scripts the same in all facilities, but sometimes facilities have specific requirements (e.g. settings of home directories, paths to scripts etc.). As a consequence, pre and post scripts are introduced. They differ in every facility and complement the functionality of slave scripts. When the slave script starts, it searches for pre_ script in the service directory and runs it before its own functionality starts. The same process is after slave script execution, the post_ scripts are run.

All scripts are executed in alphabetical order; therefore we recommend to name scripts according to the pattern: pre_XX_name, where XX is number with two digits that specify the order of script's execution. Pre and post scripts are created by facility managers. In addition, there is no need to create these scripts if the facility manager is satisfied with default settings. Finally, there is a freedom in utilizing services thanks to customizable pre and post scripts.

Perun is installed to the machine (facility) with all possible slave scripts, but blacklisting and whitelisting of scripts depend on the configuration in the Perun system. As far as whitelisting is concerned, no other service with an exception of the whitelisted ones will be executed. As for blacklisting, all services will be executed except for the blacklisted ones.

Example of blacklisting /etc/perunv3.conf:


Example of whitelisting /etc/perunv3.conf:

Pushed synchronous propagation

When the installation is complete, it is necessary to propagate services. Command remctl is available in package remctl-client in distributions.

 remctl perun.ics.muni.cz perun propagate

Propagate all services defined in the machine.